Test ID: 1.3.6.1.4.1.25623.1.0.103935
Category: SMTP problems
Title: Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
Summary: Multiple vendors' implementations of 'STARTTLS' are prone to a vulnerability that lets attackers inject arbitrary commands.
Description:
Summary:
Multiple vendors' implementations of 'STARTTLS' are prone to a
vulnerability that lets attackers inject arbitrary commands.

Vulnerability Impact:
An attacker can exploit this issue to execute arbitrary commands in
the context of the user running the application. Successful exploits
can allow attackers to obtain email usernames and passwords.

Affected Software/OS:
The following vendors are affected:

Ipswitch
Kerio
Postfix
Qmail-TLS
Oracle
SCO Group
spamdyke
ISC

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 46767
Common Vulnerability Exposure (CVE) ID: CVE-2011-0411
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://www.securityfocus.com/bid/46767
CERT/CC vulnerability note: VU#555316
http://www.kb.cert.org/vuls/id/555316
Debian Security Information: DSA-2233
http://www.debian.org/security/2011/dsa-2233
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056560.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056559.html
http://security.gentoo.org/glsa/glsa-201206-33.xml
http://www.openwall.com/lists/oss-security/2021/08/10/2
http://www.osvdb.org/71021
http://www.redhat.com/support/errata/RHSA-2011-0422.html
http://www.redhat.com/support/errata/RHSA-2011-0423.html
http://securitytracker.com/id?1025179
http://secunia.com/advisories/43646
http://secunia.com/advisories/43874
SuSE Security Announcement: SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/0611
http://www.vupen.com/english/advisories/2011/0752
http://www.vupen.com/english/advisories/2011/0891
XForce ISS Database: multiple-starttls-command-execution(65932)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Common Vulnerability Exposure (CVE) ID: CVE-2011-1430
http://www.osvdb.org/71020
http://secunia.com/advisories/43676
http://www.vupen.com/english/advisories/2011/0609
Common Vulnerability Exposure (CVE) ID: CVE-2011-1431
Bugtraq: 20110307 Plaintext injection in STARTTLS (multiple implementations)
http://www.securityfocus.com/archive/1/516901
http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
http://www.postfix.org/CVE-2011-0411.html
http://securityreason.com/securityalert/8144
http://www.vupen.com/english/advisories/2011/0612
Common Vulnerability Exposure (CVE) ID: CVE-2011-1432
http://www.vupen.com/english/advisories/2011/0613
Common Vulnerability Exposure (CVE) ID: CVE-2011-1506
http://secunia.com/advisories/43678
http://www.vupen.com/english/advisories/2011/0610
Common Vulnerability Exposure (CVE) ID: CVE-2011-1575
http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html
http://openwall.com/lists/oss-security/2011/04/11/14
http://openwall.com/lists/oss-security/2011/04/11/7
http://openwall.com/lists/oss-security/2011/04/11/8
http://openwall.com/lists/oss-security/2011/04/11/3
http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd
http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd
http://secunia.com/advisories/43988
http://secunia.com/advisories/44548
Common Vulnerability Exposure (CVE) ID: CVE-2011-1926
Debian Security Information: DSA-2242
http://www.debian.org/security/2011/dsa-2242
Debian Security Information: DSA-2258
http://www.debian.org/security/2011/dsa-2258
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061415.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061374.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:100
http://openwall.com/lists/oss-security/2011/05/17/2
http://openwall.com/lists/oss-security/2011/05/17/15
http://www.redhat.com/support/errata/RHSA-2011-0859.html
http://www.securitytracker.com/id?1025625
http://secunia.com/advisories/44670
http://secunia.com/advisories/44876
http://secunia.com/advisories/44913
http://secunia.com/advisories/44928
XForce ISS Database: cyrus-starttls-command-exec(67867)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67867
Common Vulnerability Exposure (CVE) ID: CVE-2011-2165
http://secunia.com/advisories/44753
XForce ISS Database: watchguardxcs-starttls-command-execution(67729)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67729
Copyright: Copyright (C) 2014 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.